Shared hosting vs. Dedicated hosting

I've been using shared hosting (Bluehost) for the past few months, and I'm wondering how much time/knowledge is required to manage a dedicated server. In particular I'm thinking of purchasing hosting from a dedicated server company (a friend of mine recommended Serverpronto). I have passable knowledge of Unix/Linux, but no experience running web server. Will I run into problems? Is there anything behind the curtains that a shared hosting company does that I would have to do myself with dedicated hosting (for example, security?)?

Mark
Wednesday, July 25, 2007

Deleting …Approving …

I use Serverpronto and I know someone who uses it too.

I think a dedicated server is slightly more secure when you use it alone and not for sharing with "friends". Otherwise, it's better to allow other people worry about the security of the server.

The problem with security is that it's not an easy thing to administer. Basically, professionals of the area say that you should not assume that you have a bullet-proof setting, and that you should always prepare for the worse. :-)

Let's say, one should not underestimate the work involved in providing a top-notch hosting service. But as long as it's just for you, and as long as you keep backup of things and try to lock things down when possible, you shouldn't have a problem running your own server. Linux makes it easy.

Although reselling services might be a problem. If you need to host your own email server, try to keep it just for you and for administration of your server. Let servers like Google handle domains emails for you or your users. It helps to keep you sane. SSH accounts only for you. Don't enable FTP servers necessarily. Make sharing of files be HTTP enabled if you need to. Create unique passwords which are hard to guess in your SSH accounts. :-)

Then you need to watch out for potential problems in PHP and PHP applications, which may affect anyone who uses software created by other people. If you can, you could try to avoid using Apache, and rather use a less known server like Lighttpd or Nginx, as they are smaller, easier to configure, and don't come pre-configured like Apache might come. That is, folks who can avoid the use of Apache might be slightly more secure by default.

Don't make your database accessible from outside of the server. For example, don't connect to it from your development machine. Because it's one potential source of problem otherwise.

Anyway, other people do things the "easy way" and get away with it. So hopefully you will too if you choose so.

Joao Pedrosa
Wednesday, July 25, 2007

Deleting …Approving …

In other words ... its hard if you're just getting into it. Go for a Managed server if you can.

anonymous_coward
Wednesday, July 25, 2007

Deleting …Approving …

I agree, managing your own server is quite a bit of work:

- first, there's all the security patches to apply (if you have a packaging system with updates then you get that for free)

- then there's the tools for which you need more recent versions than your linux distro provides and you have to compile them by hand, but then you lose automatic patches so you have to apply them manually

- then there's securing /tmp and things like that, which you usually have to do manually

- then there's preventing attacks like DDOS, e-mail attacks, SSH attacks, etc, which most distros don't protect you against by default

- oh, and you have to add backups of course ...

Personally I'd rather pay a bit more and not have to do all that stuff myself.

From experience RackaSpace and WebFaction do a pretty good job at providing managed servers.

Steve Pears
Thursday, July 26, 2007

Deleting …Approving …

"That is, folks who can avoid the use of Apache might be slightly more secure by default."

Holy crap what a ripoff. 350/month for a 3rd rate computer. For that much (350/month), they should be giving you a quad core with 20 terabytes of storage.

my name is here
Thursday, July 26, 2007

Deleting …Approving …

RackSpace's servers are in the same price range.Keep in mind that these are *managed* dedicated servers.Quite different from a bare dedicated server ...

Steve Pears
Thursday, July 26, 2007

Deleting …Approving …

"Holy crap what a ripoff. 350/month for a 3rd rate computer. "

You're obviously not just paying for the hardware. That includes the labor which is the most costly part of managing a server. And $350/month ends up being $4200 a year which is chump change. Even if the computer is only worth $1000 you are basically only paying $3200 for the labor. Try hiring someone for that or see how many hours that equates to if you are paying your own hourly rate.

Seriously, some of you people really need to get a clue. Time is money. And $4200 a year is chump change to anyone but some college kid trying to host his fantasy football web site. REAL businesses are more than happy to shell out a few thousand dollars to know that it is being taken care of. Paying someone to manage a server as part of their job is going to end up costing a heck of a lot more than that.

anon
Thursday, July 26, 2007

Deleting …Approving …

"You must not know anything about security."

All I know about it is that you should not assume security as a given just because you use the most famous and supported tools out there.

Joao Pedrosa
Thursday, July 26, 2007

Deleting …Approving …

And $4200 a year is chump change

Paying 4200 dollars for a few hours work (if that much) is something any manager should be immediately dismissed for.

my name is here
Thursday, July 26, 2007

Deleting …Approving …

And if it wasn't already obvious, the "$300 setup" fee (ie, throwing a switch) should make the ripoff pretty clear.

my name is here
Thursday, July 26, 2007

Deleting …Approving …

"You're obviously not just paying for the hardware"

Sorry for so many posts, but it's obvious you ARE paying for hardware (at least allegedly) if you look at the graph. The amount of service provided is identical for each setup, while the price doubles from lowest to highest. What do you get for your extra 350/month? A few hundred dollars worth of CPU and disk space.

my name is here
Thursday, July 26, 2007

Deleting …Approving …

"Paying 4200 dollars for a few hours work (if that much) is something any manager should be immediately dismissed for."

Well obiously, the point everyone else is making is that it takes much more than a few hours of work.

"And if it wasn't already obvious, the "$300 setup" fee (ie, throwing a switch) should make the ripoff pretty clear."

So installing an OS and patches, putting a server box into an air conditioned rack, configuring it for network access, and all the miscellaneous billing/accounting work involved is "flipping a swith"? Man, you are naive.

"Sorry for so many posts, but it's obvious you ARE paying for hardware (at least allegedly)"

Obviously you are paying for hardware. I said that you AREN'T JUST paying for hardware. The difference in the pricing levels is the better hardware and bandwidth.

You appear to be the kind of person who doesn't really know how much time he is actually spending on things. Take a step back and look at all of the miscellaneous time you spend setting up your own server environment. You will spend way over $4200 just to get someone to come in and install line conditioning, cooling systems, and other necessary hardware. That doesn't even count the time that you spend requisitioning a machine and setting it all up. When it's all said and done, unless you are already hosting other servers, hosting a new server is at least a $10,000 ordeal for any company.

Stop thinking so small. People who host their own servers in their basements may think that they are saving themselves a lot of money. But in the end, they are getting exactly what they paid for. Nothing but a pain in the butt.

anon
Thursday, July 26, 2007

Deleting …Approving …

You will spend way over $4200 just to get someone to come in and install line conditioning, cooling systems, and other necessary hardware.

What are you talking about? A basic unmanaged server has all that. The only thing a "managed" server gets you is some minimum wage flunky running ftp backups and adding patches. Yes, and adding a new server is "flipping a switch" because all they do is associate your account with a rack mounted machine that was among those installed en masse.

my name is here
Thursday, July 26, 2007

Deleting …Approving …

"What are you talking about? A basic unmanaged server has all that. "

So you order a Dell these days and it comes with a built in router/firewall, internet access, air conditioning system, electrical line conditioners to prevent brownouts/spikes, and the electricity needed to run the server for a year? What the hell are you talking about? See... you really don't understand how much money it costs to run/install/manage a server do you? You think that you just order a computer and there are no additional costs. What about the time it takes to get your coporate network guys to approve it on the company network? What about the time it takes to get the requisition order completed, spec out and order the unit, and get the company resources people to come down and slap an inventory sticker on it? You've wasted 40 hours of company time right there and you haven't even "flipped the switch" yet. You are either a college punk running his fantasy football site out of his basement or you have never worked in a company that had more than five people in it!

"Yes, and adding a new server is "flipping a switch" because all they do is associate your account with a rack mounted machine that was among those installed en masse."

Again, bullcrap. At $50/hr. (which is dirt cheap by the way) they are charging you 6 hours to setup the system and administer the account. This is very reasonable and is part of doing business. And even if it was installed "en masse" that still takes time that they need to recoup some way. They will also be giving you access to the box and holding your hand for a couple of hours while you get started. They will easily burn 6 hours on your account just getting the hardware/software/access all set up.

You have no concept of costs or time. You are the type of guy who buys a $1000 server and spends 200 hours and $10,000 in parts getting it set up. Then you gleefully announce how much money you have saved everyone since you are hosting the company intranet for $1000.

Yeah right, either wake up and get a clue or go back to hosting your fantasy football site. I'm done with you. Anyone reading this thread can clearly see how clueless you are when it comes to hosting servers!

anon
Thursday, July 26, 2007

Deleting …Approving …

So you order a Dell these days

Uh, no. An "unmanaged server" is just like a managed server--it sits in a data facility and has everything hooked up. The difference is, as I said, backups and updates aren't done by a (yes) flunky. Typical low-end price is 80/month.

I could detail my current project deployment process, but for obvious reasons I'm not going to. Almost none of it could be done by anyone but me. Installation of the basic tools is not especially difficult...

"yum install tomcat"

...and such things should be done by the person closest to the project anyway. I really don't want a DEPENDENCY on a flunky, if I can help it.

my_name_is_here
Thursday, July 26, 2007

Deleting …Approving …

For what it's worth, here's my 2 cents.

I've hosted my own servers, used unmanaged servers, and used managed servers. By far, the managed servers have been the best. They are the most expensive, in terms of monthly charges, but lowest in terms of the total cost. My rationale follows.

Hosting your own server, for mission-critical applications, makes little sense. It it almost impossible to compete with the large datacenters in terms of infrstructure and physical security. For anything other than test or training servers, I don't consider this viable.

The difference between the unmanaged servers and managed servers is less distinct. If you know how to manage a server, what is the big deal about applying your own patches and doing some routine maintenance? Not much. Do I think the managed providers spend a lot of time maintaining each server? No. Regardless, the managed servers I've used have had a fraction of the problem the unmanaged ones have. I think it has to do with the mentality of the provider.

For a managed server, the onus is on the provider for the uptime of the server. When something does go wrong (it always will), then they leap into action. I've gotten calls from the provider to notify me of a problem. When I call for support, I get a real person (and an expert at that, not a lackey). This change in mentality causes an increase in service which saves several hours of downtime each year. This negates any higher periodic fees and makes the managed solution more cost effective overall if you factor in costs of downtime, in-house labor, and lost customers.

By comparison, an unmanaged server's uptime is the onus of the customer. The uptime of the infrastructure is the responsibility of the provider. When something goes wrong, I'm often held up in phone queues. When I finally do speak to someone, usually the first thing they do is try to explain why they think it is the customer's fault instead of theirs. It's much more frustrating and a waste of time.

My experiences are probably pretty narrow. I've only bought managed servers from Rackspace. I've had almost no problems with any server there, ever. I've bought unmanaged servers from a bunch of places and have had problems with all of them. An obvious conclusion could be that I'm a crap administrator (potentially true), but the problems we've had have been more from bad hardware and interruptions in the infrastructure.

With few exceptions (EC2 servers, for instance) I only use simple, shared hosting accounts, or managed servers. I don't colocate, buy unmanaged servers, or host a production server myself. When I buy a managed server, I'm really buying increased service and a better mentality. I haven't regretted a cent I've spent on one of them.

Joel has posted about this before. He has some pretty bright people on his staff, yet he uses a hosting service with dedicated servers and is quite happy with their service.

In other words, it rarely makes sense to do it yourself unless you are a pretty big company.

OneMist8k
Tuesday, July 31, 2007

Deleting …Approving …

"yet he uses a hosting service with dedicated servers and is quite happy with their service."

Actually I think Joel said that they are in a colocation facility so they must own and manage their own hardware.

Tuesday, July 31, 2007

Deleting …Approving …

It makes sense to do it yourself if you're _really small_ (ie, running a fantasy football league, or just starting out such that $4200 is a really big deal.) Or if you're _really big_ (ie, you'll have one or more full time sysadmins on staff.) For everyone else, with a real revenue stream but not big enough to have full time sysadmins, a managed service sounds best.